Eric Helgeson found that his ISP was redirecting him to merchants using their affiliate links:
> When looking at the URLs a little more closely I noticed fwdsnp was adding affiliate ID’s into the URLs. Did I have some malware that was hijacking my requests? I switched to Google’s DNS and the affiliate IDs were not injected into the URLs. Then I noticed one of the affiliate’s name was Arvig, which happens to be my ISP. Confirmed. It looks like I’m not the only one.
Read the article for the ISP response, it’s classic.